I see this patch is (basically) good to have.

One thing sprung in my mind is that perhaps we should also freeze each environment variables, not only the ENV object.  That is not the same way Hash#freeze works, but ENV keys are already frozen as-is so also freezing values might be an opiton.  That should prevent modifying already-existent environment variables, such as RUBYOPT.

On 10/21/2014 05:24 AM, Eric Wong wrote:
> How about supporting ENV.freeze instead?
> Currently ENV.freeze is a no-op, this patch changes that:
> 
> http://80x24.org/spew/m/400e216159e74b65608f2f0b296817cc9823e3bb.txt
> 
>     ENV.freeze should behave like Hash#freeze and not allow future
>     modifications to the ENV from pure Ruby libraries.
> 
>     Users may call ENV.freeze to prevent 3rd-party (pure) Ruby libraries
>     from modifying the process environment any further.
> 
>     This cannot not defend against users who modify the environment using
>     3rd-party C extensions, Fiddle, or FFI RubyGem
> 
>